LAN-Cell 2 User’s Guide
CHAPTER 6
DMZ Screens
6.1 Overview
The DeMilitarized Zone (DMZ) provides a way for public servers (Web, e-mail, FTP, etc.) to
be visible to the outside world while still being protected from DoS (Denial of Service)
attacks such as SYN flooding and Ping of Death. These public servers can also still be
accessed from the secure LAN.
6.1.1 What You Can Do in the DMZ Screens
• Use the DMZ screen (Section 6.2 on page 129) to configure TCP/IP, DHCP, IP/MAC
binding and NetBIOS settings on the DMZ.
• Use the Static DHCP screen (Section 6.3 on page 132) to configure the IP addresses
assigned to devices in the DMZ by DHCP.
• Use the IP Alias screen (Section 6.4 on page 133) to configure IP alias settings on the
LAN-Cell’s DMZ ports.
• Use the Port Roles screen (Section 6.5 on page 135) to configure DMZ ports on the
LAN-Cell.
6.1.2 What You Need To Know About DMZ
DMZ and Security
It is highly recommended that you connect all of your public servers to the DMZ port(s).
It is also highly recommended that you keep all sensitive information off of the public servers
connected to the DMZ port. Store sensitive information on LAN computers.
DMZ and Firewall Rules
By default, the firewall allows traffic between the WAN and the DMZ, denies traffic from the
DMZ to the LAN, and allows traffic from the LAN to the DMZ. Internet users can access host
servers on the DMZ but not the LAN, unless the administrator has configured special filter
rules allowing access or the user is an authorized remote user.
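The following added example (not part of the LAN-Cell guide or firmware) models the default zone policy described above and lists administrator rules that open DMZ-to-LAN access. The rule format, rule names, addresses and first-match evaluation are assumptions made for illustration.

```python
import ipaddress

# Default actions stated under "DMZ and Firewall Rules".
# Zone pairs the guide does not mention here are deliberately left out.
DEFAULTS = {
    ("WAN", "DMZ"): "allow", ("DMZ", "WAN"): "allow",
    ("DMZ", "LAN"): "deny",  ("LAN", "DMZ"): "allow",
}

# Constructed sample rules in a hypothetical format (not a LAN-Cell export).
SAMPLE_RULES = [
    {"name": "dmz-web-to-lan-db", "src_zone": "DMZ", "dst_zone": "LAN",
     "src": "192.168.2.10/32", "dst": "192.168.1.50/32", "port": 5432,
     "action": "allow"},
    {"name": "dmz-any-to-lan", "src_zone": "DMZ", "dst_zone": "LAN",
     "src": "0.0.0.0/0", "dst": "192.168.1.0/24", "port": None,
     "action": "allow"},
    {"name": "block-lan-ftp", "src_zone": "LAN", "dst_zone": "DMZ",
     "src": "192.168.1.0/24", "dst": "192.168.2.0/24", "port": 21,
     "action": "deny"},
]

def decide(rules, src_zone, dst_zone, src_ip, dst_ip, port):
    """Return (action, rule name); first match wins (assumed), else default."""
    for r in rules:
        if (r["src_zone"], r["dst_zone"]) != (src_zone, dst_zone):
            continue
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(r["src"]):
            continue
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(r["dst"]):
            continue
        if r["port"] not in (None, port):  # None means any port
            continue
        return r["action"], r["name"]
    return DEFAULTS.get((src_zone, dst_zone), "unspecified"), "default"

def dmz_to_lan_exceptions(rules):
    """List rules that weaken the default DMZ-to-LAN deny, broad ones first."""
    findings = []
    for r in rules:
        if (r["src_zone"], r["dst_zone"], r["action"]) != ("DMZ", "LAN", "allow"):
            continue
        many_src = ipaddress.ip_network(r["src"]).num_addresses > 1
        many_dst = ipaddress.ip_network(r["dst"]).num_addresses > 1
        broad = r["port"] is None or many_src or many_dst
        findings.append((r["name"], "broad" if broad else "narrow"))
    return sorted(findings, key=lambda f: f[1])  # "broad" sorts before "narrow"
```

Rules reported as broad expose LAN computers to any compromised DMZ server and should be narrowed to a single source host, destination host and port.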
DMZ and NAT
See Chapter 13 on page 289 for an overview of NAT.
If you do not configure SUA NAT or any full feature NAT mapping rules for the public IP
addresses on the DMZ, the LAN-Cell will route traffic to the public IP addresses on the DMZ